CVE-2022-39337

Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type Values Removed Values Added
References () https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876 - Patch () https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876 - Patch
References () https://github.com/dromara/hertzbeat/issues/377 - Exploit, Issue Tracking () https://github.com/dromara/hertzbeat/issues/377 - Exploit, Issue Tracking
References () https://github.com/dromara/hertzbeat/pull/382 - Issue Tracking, Patch () https://github.com/dromara/hertzbeat/pull/382 - Issue Tracking, Patch
References () https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 - Vendor Advisory () https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 - Vendor Advisory

28 Aug 2024, 15:44

Type Values Removed Values Added
First Time Apache
Apache hertzbeat
CPE cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:* cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

02 Jan 2024, 20:27

Type Values Removed Values Added
First Time Dromara
Dromara hertzbeat
CPE cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 - () https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 - Vendor Advisory
References () https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876 - () https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876 - Patch
References () https://github.com/dromara/hertzbeat/issues/377 - () https://github.com/dromara/hertzbeat/issues/377 - Exploit, Issue Tracking
References () https://github.com/dromara/hertzbeat/pull/382 - () https://github.com/dromara/hertzbeat/pull/382 - Issue Tracking, Patch

22 Dec 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-22 15:15

Updated : 2024-11-21 07:18


NVD link : CVE-2022-39337

Mitre link : CVE-2022-39337

CVE.ORG link : CVE-2022-39337


JSON object : View

Products Affected

apache

  • hertzbeat
CWE
CWE-284

Improper Access Control

CWE-863

Incorrect Authorization